vidar | e5080c93937732e4454cf13b87988cc8ae952b0e4065e600e7fcea2144d2e251 | Triage

Sharing

General

Target

LDPlayer-Dump.rar
Size

54.3MB
Sample

230327-zafvhahb6w
MD5

7b54a2c67bacbc1af869ea15345d89c1
SHA1

329c7e480931f5a607777f0faa2c7eaff4afbc61
SHA256

e5080c93937732e4454cf13b87988cc8ae952b0e4065e600e7fcea2144d2e251
SHA512

f369fa8e6242f650e8996b77f3a07672bfb8e24e7c85d524c728d6a51b7bfeaa89f375e3b0da2649d7220fca7d7c6b5bfd1c2528e36450f91980df343c8da483
SSDEEP

98304:H8yEnQWlhNXqF87Esw9zSvMHDYzj4T3TX/Ydqb:EQWlhNX33EzSMkQz

Score

10^/10

vidar 3037f12060a20d880cc80c86ab34fe19 spyware stealer

Malware Config

Extracted

Family

vidar

Version

3.1

Botnet

3037f12060a20d880cc80c86ab34fe19

C2

https://steamcommunity.com/profiles/76561199472266392

https://t.me/tabootalks

http://135.181.26.183:80

Attributes

profile_id_v2
3037f12060a20d880cc80c86ab34fe19
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Targets

- Target
  
  LDPLayer.exe
- Size
  
  1106.4MB
- MD5
  
  9e9acd3fed40e009b48db9db81ca26b8
- SHA1
  
  80d89d18dae1f268108686e00f1e8dcd536d23b8
- SHA256
  
  df5b8c7f9f471370bd28dfe436d923c9fff5ec7eb0916cc4eb05cab69071a375
- SHA512
  
  8e75e0b6b471e951df306ee0c15324b992d43d28b7141bdc86070c3d45c0913e76553c678cebe6672e4bd6b980e0899e715111fb17e32447393d783911857008
- SSDEEP
  
  12288:vcieJy1y9vL/CSvh4RRlE+U9gBwMKLzpd:vWg8ZLBefJU995Lzj
Score

10^/10

vidar 3037f12060a20d880cc80c86ab34fe19 spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  RealO/eulaLic.docx
- Size
  
  8KB
- MD5
  
  a729d63514511766fcdd2de19cdbd017
- SHA1
  
  737827e5c0ab0adc287d3b3bb16d26a9a42f0939
- SHA256
  
  6dda16414ec5a7f6908f6088ea5edb7c67b024c3f695fbf7048ab823bcfee728
- SHA512
  
  ad6bc65c950a94383f3f1d987508d22167343db632412b74d4734482916a7c18981dc8d84c57109f0882f6c5c6f280db876bafd24837f06996614d1bb9ce6ee2
- SSDEEP
  
  192:HLFjO9B8eBfDX/Ek8IFyMlgy/RVr1YGrtsk2whjPYwWkpeFWlMddhTdLVxFl/:HLFjO9B8eBfDXoIFyLw1YGZsk2whjPYL
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar3037f12060a20d880cc80c86ab34fe19spywarestealer

behavioral2

vidar3037f12060a20d880cc80c86ab34fe19spywarestealer

behavioral3

behavioral4